Redirect all outgoing DNS queries to localhost

Started by zszs73, July 02, 2023, 09:08:34 PM

Hello,

Following https://forum.opnsense.org/index.php?topic=9245, I've created a port forward rule.
Apparently this correctly forwards all DNS queries to localhost, but the firewall responds with its own interface address as source, so the client will not accept it.
See the following tcpdump output taken on the firewall:
192.168.2.21: client IP
192.168.2.254: firewall interface IP
21:32:43 IP 192.168.2.21.35156 > 8.8.8.8.53: 52992+ [1au] A? dw.com. (47)
21:32:43 IP 192.168.2.254.53 > 192.168.2.21.35156: 52992 2/0/1 A 194.55.30.46, A 194.55.26.46 (67)

In my understanding the firewall just sent the reply back to the client and, following its routing table, it realized that it has an interface in the client's subnet -> the response packet did not pass through the NAT (port forward) rule -> the source did not get rewritten to 8.8.8.8.
What did I set wrong?
Not sure if it is important, but AdGuard Home is listening on the firewall on all IPs, port 53.

It seems to me that I am not alone: https://forum.opnsense.org/index.php?topic=9245.msg164547#msg164547

Not sure if I have to deal with Rules / advanced features / reply-to?
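As an added example (my own code, not from the post or from OPNsense), a small Python checker that pairs DNS queries and replies in tcpdump output like the capture above by client port and transaction ID, and reports any reply whose source address is not the address the client actually queried, which is exactly the symptom described here. The sample input reuses the two lines from the post plus a constructed second query/reply pair that is masked correctly, to show that only the broken one is flagged.

```python
import re

# Sample capture: lines 1-2 are the post's tcpdump output, lines 3-4 are a
# constructed pair where the reply correctly comes back from 8.8.8.8.
SAMPLE = """\
21:32:43 IP 192.168.2.21.35156 > 8.8.8.8.53: 52992+ [1au] A? dw.com. (47)
21:32:43 IP 192.168.2.254.53 > 192.168.2.21.35156: 52992 2/0/1 A 194.55.30.46, A 194.55.26.46 (67)
21:32:44 IP 192.168.2.21.40001 > 8.8.8.8.53: 4711+ A? example.com. (41)
21:32:44 IP 8.8.8.8.53 > 192.168.2.21.40001: 4711 1/0/0 A 93.184.216.34 (57)
"""

# tcpdump -n style line: "<time> IP <src>.<sport> > <dst>.<dport>: <txid>..."
LINE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<txid>\d+)"
)


def find_unmasked_replies(capture: str) -> list[dict]:
    """Return DNS replies whose source IP differs from the IP the client queried.

    Queries (dst port 53) are remembered by (client IP, client port, txid);
    each reply (src port 53) is matched against that key and flagged when the
    answering address is not the one the client sent the query to.
    """
    queries: dict[tuple[str, str, str], str] = {}
    mismatches: list[dict] = []
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a DNS query/reply line in the expected format
        f = m.groupdict()
        if f["dport"] == "53":
            # client -> resolver: remember which resolver address was asked
            queries[(f["src"], f["sport"], f["txid"])] = f["dst"]
        elif f["sport"] == "53":
            # resolver -> client: compare the answering source with the query target
            expected = queries.get((f["dst"], f["dport"], f["txid"]))
            if expected is not None and expected != f["src"]:
                mismatches.append({
                    "client": f["dst"], "txid": f["txid"],
                    "queried": expected, "replied_from": f["src"],
                })
    return mismatches


if __name__ == "__main__":
    for hit in find_unmasked_replies(SAMPLE):
        print(f"client {hit['client']} asked {hit['queried']} (txid {hit['txid']}) "
              f"but reply came from {hit['replied_from']}; client will discard it")
```

Run it against `tcpdump -n -i <lan> udp port 53` output taken on the firewall; any line it prints is a reply the redirect did not translate back, which is what the client drops.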